Privacy Policy for SubAudit

Effective Date: 16 May 2026

1. Who We Are

SubAudit is a bank-connected recurring payments intelligence platform. We help users identify subscriptions, direct debits, and other recurring charges from transaction history.

Contact: support@subaudit.app

2. Product Scope

Important: SubAudit no longer scans Gmail or other inboxes for subscription discovery. Detection is based on connected bank data and manually added records.

3. Data We Process

• Account data: name, email, country, currency, authentication data.
• Bank data (read-only): transaction details for the latest three-month sync window, direct debits, standing-order signals, and account metadata required for recurring-payment detection.
• Manual entries: subscription details you add or edit.
• Operational data: security logs, diagnostics, and product usage events.

4. How Bank Connectivity Works

• SubAudit uses regulated providers (for example TrueLayer) for bank connectivity.
• You authenticate directly with your bank/provider during a redirect flow.
• SubAudit does not receive or store your online banking username/password.
• Access is read-only. SubAudit cannot initiate payments, move funds, or change mandates.
• Bank imports are limited to the minimum recent history needed to detect renewals, trials, and recurring-payment patterns.

5. Legal Basis

• Consent: connecting bank data and optional notifications.
• Contract: delivering subscription tracking and account features.
• Legitimate interests: reliability, fraud prevention, and security monitoring.

6. Data Sharing

We share data only with service providers required to operate SubAudit (bank connectivity providers, hosting, database, and transactional email providers). We do not sell personal data.

7. Data Retention

• Account and subscription data: retained while account is active and used to calculate renewal dates, trial dates, and countdowns.
• Bank access tokens/connections: retained only while connected; removed on disconnection or account deletion.
• Security logs: retained for limited operational periods.

8. Your Controls

• Disconnect bank connections at any time from your account settings.
• Edit or remove subscriptions and direct debits.
• Request account deletion and data erasure via account settings or support.

9. Security

We use encryption in transit, encrypted token storage, and access controls to protect user data.

10. Contact

Questions or privacy requests: support@subaudit.app